Father of PGP encryption: Telcos need to get out of bed with governments

LAS VEGAS—Phil Zimmermann, the creator of Pretty Good Privacy public-key encryption, has some experience when it comes to the politics of crypto. During the “crypto wars” of the 1990s, Zimmermann fought to convince the US government to stop classifying PGP as a “munition” and shut down the Clipper Chip program—an effort to create a government-mandated encryption processor that would have given the NSA a back door into all encrypted electronic communication. Now Zimmermann and the company he co-founded are working to convince telecommunications companies—mostly overseas—that it’s time to end their nearly century-long cozy relationship with governments.

Zimmermann compared telephone companies’ thinking with the long-held belief that tomatoes were toxic until it was demonstrated they weren’t. “For a long time, for a hundred years, phone companies around the world have created a culture around themselves that is very cooperative with governments in invading people’s privacy. And these phone companies tend to think that there’s no other way—that they can’t break from this culture, that the tomatoes are poisonous," he said.

A call for crypto

Back in 2005, Zimmermann, Alan Johnston, and Jon Callas began work on an encryption protocol for voice over IP (VoIP) phone calls, dubbed ZRTP, as part of his Zfone project. In 2011, ZRTP became an Internet Engineering Task Force RFC, and it has been published as open source under a BSD license. It’s also the basis of the voice service for Silent Circle, the end-to-end encrypted voice service Zimmermann co-founded with former Navy SEAL Mark Janke. Silent Circle, which Ars tested on the Blackphone in June, is a ZRTP-based voice and ephemeral messaging service that generates session-specific keys between users to encrypt from end to end. The call is tunneled over a Transport Layer Security-encrypted connection through Silent Circle’s servers in Canada and Switzerland. ZRTP and the Silent Circle calls don’t rely on PGP or any other public key infrastructure, so there’s no keys to hand over under a FISA order or law enforcement warrant.

Now, thanks largely to the revelations of NSA and GCHQ monitoring of telecommunications triggered by documents leaked by Edward Snowden, there’s a growing market demand for call privacy —and telecom companies, especially in Europe, have become more receptive to the idea of giving customers the power to protect their privacy. In February, Dutch telecommunications carrier KPN signed a deal to be the exclusive provider of Silent Circle’s encrypted voice call service in the Netherlands, Belgium, and Germany. The company started offering Silent Circle services to customers this summer.

That move was driven, Zimmermann said, by KPN’s chief information security officer, Jaya Baloo. “She decided she wanted to break ranks from the rest of the phone companies and get KPN to offer their customers privacy,” Zimmermann said. “So for the first time, you see a phone company offer real privacy. My hope is that other phone companies will find the tomatoes are not poisonous.”

Defense through dependency

Thanks in part to Janke’s connections, the service has been adopted by the Navy SEALS—not just for calling home, but for operational communications, as well as Canadian, British, and Australian special operations forces, members of the US Congress and US law enforcement. “About a year ago we had a visit from the FBI in our office,” Zimmermann said. “Mike Janke called and told, ‘The FBI was in our office today,’ and I said, ‘Oh no, it’s started already.’ And he said, ‘No, no, they were just here to ask about pricing.”

Further Reading

Custom-built with privacy in mind, this handset isn’t for (Google) Play.

All of this plays into Zimmermann’s strategy to keep government agencies from pressing for backdoors into Silent Circle's service. “I thought what we need is, we needed to create the conditions where nobody was going to lean on us for backdoors because they need it themselves. If Navy SEALs are using this, if our own government develops a dependency on it, then they’ll recognize that it would be counter-productive for them to get a backdoor in our product. Now maybe it was an overabundance of caution, because they never asked for a backdoor in PGP, but that took years to get that propagated into government customers. We saw government customers take this up almost as soon as the product was ready—in fact before the product was ready they were asking about it. So we’ve created a situation where it’s difficult for them to even bring up the suggestion of a backdoor.”

That’s not to say that everything has gone smoothly. Zimmermann’s company had to abandon its secure email service in the wake of the shutdown of LavaBit. “We wiped out our entire secure email service—backups, and everything,” Zimmermann told the Def Con audience. “Some of our customers were pissed off, but for the most part they understood we were protecting their privacy.”

Giving NIST (and RSA) the finger

Doing business with US government customers generally requires the use of National Institute of Standards and Technology (NIST) standards for encryption. But by default, Zimmermann said, Silent Circle uses an alternative set of encryption tools.

“It wasn’t because there was anything actually wrong with the NIST algorithms,” Zimmermann explained. “After the Snowden revelations, we felt a bit resentful that NIST had cooperated with the NSA."

He continued, “So to express our displeasure at NIST, we offered alternative algorithms. We’re using a new elliptic curve (encryption algorithm) that we commissioned Dan Bernstein to do for us, we use a Twofish block cypher, and we use Skein as our hash function.”

Silent Circle does offer the NIST algorithms as an alternative. But he took the opportunity to use the controversy over the NIST standard’s now-deprecated random number generator standard—one that was crafted by the NSA to provide a way to break encryption—to get in a few digs about an old adversary. “We’re not using the stupid random number generator that NIST did at the behest of the NSA,” he said in response to an Def Con audience question. “I can’t imagine why anyone would use such a stupid random number generator. But apparently RSA did, and put it in their Bsafe subroutine library, which is closed source. It’s funny, back in the 90s, back when RSA started the criminal investigation against me by calling up the prosecutor and asking him to put me in prison, they said RSA was the most trusted name in cryptography…So, it’s ironic that we find today that they were paid $10 million to put an NSA-designed random number generator in their subroutine library.”

51 Reader Comments

In February, Dutch telecommunications carrier KPN signed a deal to be the exclusive provider of Silent Circle’s encrypted voice call service in the Netherlands, Belgium, and Germany.

And here's the problem with many other cryptographic alternatives to voice communication: exclusivity.

DON'T.

If you want cryptographic communication to succeed, it must become a standard, not a KPN-to-KPN kind of service. Intercompatibility between carriers is essential to successful private communication.

Take the Internet - enough ways to encrypt end-to-end without any hassle on the side of the user. But why are things like email still so insecure? Because encryption is not the standard.

There must be a standard for all mail clients - server sided AND client sided - to accept incoming and create outgoing encrypted messages, and the same should apply to other commonly used communications platforms.

There must be a standard for all mail clients - server sided AND client sided - to accept incoming and create outgoing encrypted messages, and the same should apply to other commonly used communications platforms.

Been calling for that since PGP first hit the net. Unless the client generates a keypair upon configuration of account, attaches the public key to every email sent, and encrypts by default if it has the public key of the receiver, it will remain the domain of cypherpunks.

I would not trust a SAAS client with encrypted emails tho, as it will need to decrypt on server...

Agreed, but the chances of this happening are near nil--governments, spies, and communication networks have been in bed with each other since the dawn of time--so a more meaningful approach would be for folks to put their efforts toward building an inherently decentralized system. There's a retarded amount of overlapping wifi coverage out there not to mention everyone and his doggie has half a dozen cellular radios in their desk drawer, those might be good places to start.

In February, Dutch telecommunications carrier KPN signed a deal to be the exclusive provider of Silent Circle’s encrypted voice call service in the Netherlands, Belgium, and Germany.

And here's the problem with many other cryptographic alternatives to voice communication: exclusivity.

DON'T.

If you want cryptographic communication to succeed, it must become a standard, not a KPN-to-KPN kind of service. Intercompatibility between carriers is essential to successful private communication.

Take the Internet - enough ways to encrypt end-to-end without any hassle on the side of the user. But why are things like email still so insecure? Because encryption is not the standard.

There must be a standard for all mail clients - server sided AND client sided - to accept incoming and create outgoing encrypted messages, and the same should apply to other commonly used communications platforms.

But... what about all the children terrorists downloading illegal movies over encrypted dial up torrent sites!

The European telcos are emphasizing privacy only as a knee jerk reaction to foreign spying revealed by Snowden.

Once their own governments, that grant them their licenses to operate, "ask" them to tap into certain calls, guess what will happen?

Never trust "privacy" provided by Telcos. If they can provide it, they can "decode" it (like by pushing out a "security patch" that includes a back door.) It's all just theater to make people "feel" safer.

Unfortunately, one has to operate on the basis that EVERYTHING one does is not private these days.

Of course they should get out of bed with government. They are making way too much money from government to do so, however. Government tends to be their major customer, if not one of their top ones. That is a sad reality.

If you turn down the NSA's money - for instance - they are the very same government you just won a multi-billion bid with. Entirely different agency, of course. One is basic infrastructure wiring, the other is a spy agency. But, the telcos do not see it that way. And the NSA may have influence in such bidding processes.

IMO... the onus was on Obama and Obama dropped the ball. Plenty of people underneath him who have done the same thing.

We see this same corruption all the time. A new big scandal tends to come out a few times a month.

Today it was a General at an Air Force academy who fired people responsible for catching his students in rape and sexual assault. He also coddled one of the most grievous rapists, a star football player.

Now the General looks like the depraved idiot that he is. But, he was close to getting away with it.

The NSA and these other agencies clearly broke a great litany of federal laws. They are probably using that information for personal monetary and power gains. Nobody got fired when Snowden dumped these disclosures. Oh, I am sorry -- none of the top people did. Of course they found completely innocent, internal scapegoats. No, the intel leaders went on a talk circuit.

Now, Alexander is out flaunting how he is making millions and patenting ideas he stole from the US.

While Obama just goes, "Okay, Okay, let me sign the dotted line".

Recalls to me the old story about a man cheating on his wife. She walks in. He says, "Who are you going to believe? Me or your lying eyes?"

That is what Obama and crew did. I am not sure how guilty they are (intel leaders probably made sure to make them complicit just in case they got busted for anything)... but they definitely okayed everything and have done everything to cover it up.

Hoover extorted presidents straight up from Roosevelt to Nixon. Not one of those Presidents were men enough to stand Hoover down. The man was a master surveillance expert and extortion expert. They were terrified of that little cross dresser.

It is happening again, and they are flaunting it.

When this kind of stuff happens in societies, those civilizations do not last long.

Amazing the US recovered from the last colossal fuck up in the financial industry. Next time, we won't be so lucky.

Sucks to be here with such a complacent public and such a crappy administration. But, when America's economy collapses, it will suck for everyone, globally.

Their main departure is the use of Google and Apple push notifications for signaling, which makes them seamless to use. In my experience, call quality is pretty decent, as well as latency, in both "local" as well as intercontinental calls, and it works on 3G.

In February, Dutch telecommunications carrier KPN signed a deal to be the exclusive provider of Silent Circle’s encrypted voice call service in the Netherlands, Belgium, and Germany.

And here's the problem with many other cryptographic alternatives to voice communication: exclusivity.

DON'T.

If you want cryptographic communication to succeed, it must become a standard, not a KPN-to-KPN kind of service. Intercompatibility between carriers is essential to successful private communication.

Take the Internet - enough ways to encrypt end-to-end without any hassle on the side of the user. But why are things like email still so insecure? Because encryption is not the standard.

There must be a standard for all mail clients - server sided AND client sided - to accept incoming and create outgoing encrypted messages, and the same should apply to other commonly used communications platforms.

But... what about all the children terrorists downloading illegal movies over encrypted dial up torrent sites!

How will we stop them?

Sometimes it's nice living outside of the Anglosphere, where the media or anyone else isn't in a panic about terrorists, or pirates, or paedophile pirate terrorists. It's not even mentioned in parody because it isn't a thing.

In February, Dutch telecommunications carrier KPN signed a deal to be the exclusive provider of Silent Circle’s encrypted voice call service in the Netherlands, Belgium, and Germany.

And here's the problem with many other cryptographic alternatives to voice communication: exclusivity.

DON'T.

If you want cryptographic communication to succeed, it must become a standard, not a KPN-to-KPN kind of service. Intercompatibility between carriers is essential to successful private communication.

Take the Internet - enough ways to encrypt end-to-end without any hassle on the side of the user. But why are things like email still so insecure? Because encryption is not the standard.

There must be a standard for all mail clients - server sided AND client sided - to accept incoming and create outgoing encrypted messages, and the same should apply to other commonly used communications platforms.

But... what about all the children terrorists downloading illegal movies over encrypted dial up torrent sites!

How will we stop them?

Sometimes it's nice living outside of the Anglosphere, where the media or anyone else isn't in a panic about terrorists, or pirates, or paedophile pirate terrorists. It's not even mentioned in parody because it isn't a thing.

That sounds nice, here in the UK, if it isn't "omg terrorists" or "THINK OF THE CHILDREN!!!" or "pirates are bankrupting the world".... the next regular big concern seems to be what kanye is doing.

Although I probably do get a pretty warped view of the overall news as I dont watch mainstream media much, and dont own a TV. I read the papaers occasionally but most is just what bubbles up through sites like here.

Of course they should get out of bed with government. They are making way too much money from government to do so, however. Government tends to be their major customer, if not one of their top ones. That is a sad reality.

If you turn down the NSA's money - for instance - they are the very same government you just won a multi-billion bid with. Entirely different agency, of course. One is basic infrastructure wiring, the other is a spy agency. But, the telcos do not see it that way. And the NSA may have influence in such bidding processes.

IMO... the onus was on Obama and Obama dropped the ball. Plenty of people underneath him who have done the same thing.

We see this same corruption all the time. A new big scandal tends to come out a few times a month.

Today it was a General at an Air Force academy who fired people responsible for catching his students in rape and sexual assault. He also coddled one of the most grievous rapists, a star football player.

Now the General looks like the depraved idiot that he is. But, he was close to getting away with it.

The NSA and these other agencies clearly broke a great litany of federal laws. They are probably using that information for personal monetary and power gains. Nobody got fired when Snowden dumped these disclosures. Oh, I am sorry -- none of the top people did. Of course they found completely innocent, internal scapegoats. No, the intel leaders went on a talk circuit.

Now, Alexander is out flaunting how he is making millions and patenting ideas he stole from the US.

While Obama just goes, "Okay, Okay, let me sign the dotted line".

Recalls to me the old story about a man cheating on his wife. She walks in. He says, "Who are you going to believe? Me or your lying eyes?"

That is what Obama and crew did. I am not sure how guilty they are (intel leaders probably made sure to make them complicit just in case they got busted for anything)... but they definitely okayed everything and have done everything to cover it up.

Hoover extorted presidents straight up from Roosevelt to Nixon. Not one of those Presidents were men enough to stand Hoover down. The man was a master surveillance expert and extortion expert. They were terrified of that little cross dresser.

It is happening again, and they are flaunting it.

When this kind of stuff happens in societies, those civilizations do not last long.

Amazing the US recovered from the last colossal fuck up in the financial industry. Next time, we won't be so lucky.

Sucks to be here with such a complacent public and such a crappy administration. But, when America's economy collapses, it will suck for everyone, globally.

"Now, Alexander is out flaunting how he is making millions and patenting ideas he stole from the US."

Yes, this is big business.

Here is how companies of dubious origin survive. Verint is one of the top purveyors of civil rights abusing software and hardware. Unlimited access to resources from the United States government gives you this.....

Verint origins are in Comverse Technology's Comverse Infosys business unit, which was created in1999 although it was also incorporated in Delaware in February 1994 as a wholly owned subsidiary of Comverse Technology Verint’s initial focus was on the commercial call recording market, which at the time was transitioning from analog tape to digital recorders. On June 7, 1999, the company unveiled its Internet Call Waiting service. On August 27, 1999, the company announced the launch of Words & Pictures, a pre-configured, "plug-and-play" quality monitoring solution for small and mid-sized call centers. In 1999, Comverse Infosys expanded into the security market by combining with another division of Comverse focused on the communications interception market. In 2001, Verint expanded its security offering into video security through a combination of its business with Loronix Information Systems, Inc., which had been previously acquired by Comverse. In 2002, Comverse Infosys changed its name to Verint Systems Inc. Verint completed an IPO in May 2002, commencing its beginnings as a public company although it was still majority owned by Comverse Technology. Verint subsequently grew both organically and through acquisitions. Since 2006, these acquisitions included: the networked video security business of Hong Kong-based MultiVision Intelligent Surveillance Limited; CM Insight Limited, a UK-based, customer management solution provider; Mercom Systems Inc., a provider of interaction recording and performance evaluation solutions for small-to-midsize contact centers and public safety centers; ViewLinks Euclipse Ltd., an Israeli-based provider of data mining and link analysis software solutions. Verint’s largest acquisition was of Witness Systems, Inc. in May 2007, which strengthened Verint’s leadership position in the enterprise workforce optimization market. A subsequent acquisition was of Iontas, in early 2010, a provider of desktop analytics solutions. Beginning with a stock options backdating scandal in 2006, parent company Comverse Technology suffered a series of financial reporting problems, losses and layoffs, with one consequence that both Comverse and Verint were delisted from the NASDAQ stock market in 2007 and ended up on the Pink Sheets. In July 2010, Verint was relisted on the NASDAQ stock market under the symbol VRNT. By that year, there was considerable talk that Comverse Technology would sell its remaining interest in Verint, with some private equity firms mentioned as possible buyers. In September 2011, Verint acquired Global Management Technologies Corporation, paying around $25 million for it. In August 2012, Verint announced that it would buy out Comverse Technology's stake in it, in a transaction valued at around $800 million. An FBR Capital Markets analyst said the move "finally eliminates a major overhang on the name by removing Comverse's majority ownership stake."The deal was finalized in February 2013. On February, 3, 2014, Verint Systems completed acquisition of KANA Software Inc. from Accel-KKR for $514.2 million.

Key exchange has always been the Achilles heel of PGP. In a better world there would be a SMTP command to retrieve someone's key and your mail client would just automatically grab it if you asked (maybe by default). Instead you have to check third party servers in the vain hope that they've registered it, and forget about interoperability with Microsoft Exchange or anything like that.

I've generated keys and registered them everywhere I can find, and to date not a single person has ever sent me an encrypted email. Nor have I ever found someone else's key. PGP is about half of a solution, and nobody has managed to implement the second half in any really usable way.

Key exchange has always been the Achilles heel of PGP. In a better world there would be a SMTP command to retrieve someone's key and your mail client would just automatically grab it if you asked (maybe by default). Instead you have to check third party servers in the vain hope that they've registered it, and forget about interoperability with Microsoft Exchange or anything like that.

I've generated keys and registered them everywhere I can find, and to date not a single person has ever sent me an encrypted email. Nor have I ever found someone else's key. PGP is about half of a solution, and nobody has managed to implement the second half in any really usable way.

Blah blah blah, ... to date not a single person has ever sent me an encrypted email. Nor have I ever found someone else's key...

Another way of saying that is "I have zero need for encrypted email".

Proof: if you did, you would in fact arrange to share public keys with the people you need secure communications with. For instance, all members of a start up generate and exchange keys, and use a specific email package that then lets them email without worrying that the email is getting intercepted and the valuable IP stolen.

PGP requires exchange of keys with zero (that is 0 followed by n number of more zeros) chance of interception and meddling by "the man" in the middle. You do this in person with a USB stick m'kay.

Having to transfer keys on USB sticks over sneakernet kinda defeats the purpose of using encryption over the Internet. The problem of PGP and using email addons like Enigmail or APG is that I can't trust other people's keys... How do I know an email containing a new public key hasn't been tampered with? I can't go around exchanging USB sticks with people around the world.

I'm still trying to figure out how ZRTP works. If it can carry public keys for further communications without being MITMed, then all the better. We need fully decentralized encrypted communications with multiple fallbacks - devices talking directly with each other without vulnerable servers for authentication or routing.

The way you check that you're not being MitM is that two random words out of a dictionary of thousands are shown to both ends. You're supposed to say them out loud to your party. Since that's hard to fake real time, if they match on both ends, there's no MitM. Once you verify a partner (which you can also do in person through a call) key continuity provides the same guarantee going forward.

Blah blah blah, ... to date not a single person has ever sent me an encrypted email. Nor have I ever found someone else's key...

Another way of saying that is "I have zero need for encrypted email".

Proof: if you did, you would in fact arrange to share public keys with the people you need secure communications with. For instance, all members of a start up generate and exchange keys, and use a specific email package that then lets them email without worrying that the email is getting intercepted and the valuable IP stolen.

PGP requires exchange of keys with zero (that is 0 followed by n number of more zeros) chance of interception and meddling by "the man" in the middle. You do this in person with a USB stick m'kay.

The key exchange is done with asymmetric encryption so you don't need to go crazy with usb keys or anything like that, but the key exchange mechanism is totally ad-hoc and there is no clear winner. Its much too hard to use, the only people using it are crypto nerds and people with something to hide, which just makes them stand out.

It has been how many years since PGP came out and there is still no defacto default keystore? Where is the service where I punch in an email address and get the public key? Well, there are like 20 of them, and none are integrated into anything like a quorum of email clients. It's really frustrating. And even if this did exist, Exchange uses its own system that's completely incompatible, so forget about working cross domain. Exchange doesn't even have a good mechanism to exchange keys outside of its own domain. This shouldn't be a hard problem, but with current technologies it's almost impossible.

Blah blah blah, ... to date not a single person has ever sent me an encrypted email. Nor have I ever found someone else's key...

Another way of saying that is "I have zero need for encrypted email".

Proof: if you did, you would in fact arrange to share public keys with the people you need secure communications with. For instance, all members of a start up generate and exchange keys, and use a specific email package that then lets them email without worrying that the email is getting intercepted and the valuable IP stolen.

PGP requires exchange of keys with zero (that is 0 followed by n number of more zeros) chance of interception and meddling by "the man" in the middle. You do this in person with a USB stick m'kay.

The key exchange is done with asymmetric encryption so you don't need to go crazy with usb keys or anything like that, but the key exchange mechanism is totally ad-hoc and there is no clear winner. Its much too hard to use, the only people using it are crypto nerds and people with something to hide, which just makes them stand out.

It has been how many years since PGP came out and there is still no defacto default keystore? Where is the service where I punch in an email address and get the public key? Well, there are like 20 of them, and none are integrated into anything like a quorum of email clients. It's really frustrating. And even if this did exist, Exchange uses its own system that's completely incompatible, so forget about working cross domain. Exchange doesn't even have a good mechanism to exchange keys outside of its own domain. This shouldn't be a hard problem, but with current technologies it's almost impossible.

If there were a default keystore, it would be a centralized target for government interference since there's no way to verify that a particular email-address-to-key mapping is genuine.

I'm not saying that PGP's current design is good; just that depending on a central hub would not make it better. In fact, this is a problem with key servers in general.

Blah blah blah, ... to date not a single person has ever sent me an encrypted email. Nor have I ever found someone else's key...

Another way of saying that is "I have zero need for encrypted email".

Proof: if you did, you would in fact arrange to share public keys with the people you need secure communications with. For instance, all members of a start up generate and exchange keys, and use a specific email package that then lets them email without worrying that the email is getting intercepted and the valuable IP stolen.

PGP requires exchange of keys with zero (that is 0 followed by n number of more zeros) chance of interception and meddling by "the man" in the middle. You do this in person with a USB stick m'kay.

I have a private SSL only chat server that I exchange keys with other global mil indust companies. They wanted to just email keys. Not as secure as carrying a stick (which could be evil) but better than email.

Blah blah blah, ... to date not a single person has ever sent me an encrypted email. Nor have I ever found someone else's key...

Another way of saying that is "I have zero need for encrypted email".

Proof: if you did, you would in fact arrange to share public keys with the people you need secure communications with. For instance, all members of a start up generate and exchange keys, and use a specific email package that then lets them email without worrying that the email is getting intercepted and the valuable IP stolen.

PGP requires exchange of keys with zero (that is 0 followed by n number of more zeros) chance of interception and meddling by "the man" in the middle. You do this in person with a USB stick m'kay.

Blah blah blah, ... to date not a single person has ever sent me an encrypted email. Nor have I ever found someone else's key...

Another way of saying that is "I have zero need for encrypted email".

Encrypting email is like flying a big red flag saying 'Hey! Look at me, I've got something to hide !'. It's been said before but it bears repeating. Encryption can't defend against state backed actors. If the NSA wants to read your encrypted email, they will do so one way or another. Doing this routinely is however, expensive in time and people so what they really want is to identify the end points and connections. Whom is talking to whom and what are their relationships. This helps them triage the torrents of data and to focus their efforts on high value comms. If you want truly secure comms you'll need to redesign the basic protocols so they use a broadcast mechanism that doesn't uniquely identify the receiver.

Absolutely! I continue to find it incomprehensible what the Republicans have done by deregulating many years of fair work to regulate business reasonably as for the many. Which of course benefits only the rich and powerful. The rich and very powerful are now becoming the government exploiting wherever they can get away with it.It will probably get much worse where we can do nothing reasonably about it. We have become pawns and slaves helples to selfish bureaucrats and very rich. Still so many conservative constituants think via conceit, ignorance, and arrogance that everything is fine. It will get much worse and currently is quietly of course. They control the press as well. All these arrogant ,conceited conservative flaunt their values blindly. Politics is some kind of cute game. Conservativism is essentially where you really don't care about anything until it effects you directly. They wave the flag real fast and hard yet couldn't tell you much about much beyond immature silly quips. We are all screwed. This is and will be the legacy of Ray-gun and his senile supporters within and out of government. Selfish that they are. Don't even care the environment is going down the tubes rapidly and don't want to know that or anything of substance. This may be the bain of having people live longer. Afraid of anything they simply can't understand. God will not save us. They simply can't live life on lifes terms and are taken advantage of by the selfish.

Oh hi there. Since you pretend you've got nothing to hide, can you please enjoy us by sharing your sexual fantasies, including those that will cause you to end up in jail (or worse) if enacted and all your financial details, including account numbers and PIN's etc.. for all your relevant accounts?

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.